<?php
include('include/config.inc.php');
if(!isset($_SESSION['s_activId']))
{
  $_SESSION['s_urlRedirectDir'] = $_SERVER['REQUEST_URI'];
  header("Location:checkLogin.php");
}
  $oldPassword     =isset($_POST['oldPassword'])?$_POST['oldPassword']:"";
  $newPassword     =isset($_POST['newPassword'])?$_POST['newPassword']:"";
  $confNewPassword =isset($_POST['confNewPassword'])?$_POST['confNewPassword']:"";
  $msg = "";
  if(isset($_POST['oldPassword']))
  {
  	$oldPassword     = $_POST['oldPassword'];
  	$newPassword     = $_POST['newPassword'];
  	$confNewPassword = $_POST['confNewPassword'];
  	if($newPassword == $confNewPassword)
  	{
  	  $selectQuery = "SELECT password
                        FROM user
                       WHERE userName = '".$_SESSION['s_activId']."'
                         AND password = '".($_POST['oldPassword'])."'";
      $selectQueryResult = mysql_query($selectQuery);
      if($afectedAny = mysql_fetch_array($selectQueryResult))
      {
        $afectedAny['password'];
        if($afectedAny['password'] == ($_POST['oldPassword']))
        {
          $updateQuery = "UPDATE user
                             SET password = '".($_POST['newPassword'])."'
                           WHERE userName = '".$_SESSION['s_activId']."'
                             AND password = '".($_POST['oldPassword'])."'";
          mysql_query($updateQuery);
          header("Location:./index.php");
        }
        else
        {
          $msg = "Password Not Change";
        }
      }
      else
      {
        $msg="Old Password Is Incorrect";
      }  
  	}
  	else
  	{
  	  $msg="confirm pawossword missmetch";
  	}
    
  }
  include("./bottom.php");
  $smarty->assign("msg",$msg);
  $smarty->display("changePassword.tpl");
?>